diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/security/grsecurity.nix | 10 | ||||
-rw-r--r-- | nixos/modules/security/grsecurity.xml | 8 |
2 files changed, 3 insertions, 15 deletions
diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix index 155bbea8c6e6..c37bcb70d9d2 100644 --- a/nixos/modules/security/grsecurity.nix +++ b/nixos/modules/security/grsecurity.nix @@ -65,20 +65,10 @@ in config = mkIf cfg.enable { - # Allow the user to select a different package set, subject to the stated - # required kernel config boot.kernelPackages = mkDefault pkgs.linuxPackages_grsec_nixos; boot.kernelParams = optional cfg.disableEfiRuntimeServices "noefi"; - system.requiredKernelConfig = with config.lib.kernelConfig; - [ (isEnabled "GRKERNSEC") - (isEnabled "PAX") - (isYes "GRKERNSEC_SYSCTL") - (isYes "GRKERNSEC_SYSCTL_DISTRO") - (isNo "GRKERNSEC_NO_RBAC") - ]; - nixpkgs.config.grsecurity = true; # Install PaX related utillities into the system profile. diff --git a/nixos/modules/security/grsecurity.xml b/nixos/modules/security/grsecurity.xml index 37314bdba8a5..6f9884336b1e 100644 --- a/nixos/modules/security/grsecurity.xml +++ b/nixos/modules/security/grsecurity.xml @@ -225,11 +225,9 @@ </para> <para> - The NixOS module makes several assumptions about the kernel and so may be - incompatible with your customised kernel. Most of these assumptions are - encoded as assertions — mismatches should ideally result in a build - failure. Currently, the only way to work around incompatibilities is to - eschew the NixOS module and do all configuration yourself. + The NixOS module makes several assumptions about the kernel and so + may be incompatible with your customised kernel. Currently, the only way + to work around incompatibilities is to eschew the NixOS module. </para> </sect1> |